It is important for the security professional to understand the techniques used by those they hope to defend against. This presentation focuses on the anti-forensic techniques which malware authors incorporate into their malicious code, as opposed to relying solely on an external rootkit. In addition to describing a number of known but scarcely documented techniques, this presentation will describe techniques which have never been observed through the presenter?s experience with incident response and malware reverse engineering. This presentation will also demonstrate a new technique for executing a malicious program directly from memory under unix. A new technique for avoiding entropy detection of packed or encrypted executables will also be discussed.